cve/2023/CVE-2023-3439.md

CVE-2023-3439

Description

A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.

POC

Reference

• http://www.openwall.com/lists/oss-security/2023/07/02/1
• b561275d63

Github

No PoCs found on GitHub currently.